No information found in this category
Scan Summary:
| Severity | Listening service | Vulnerabilities |
|---|---|---|
| | http (port:80) | |
| | http (port:443) | |
| | http (port:8080) | |
| | http (port:8443) | |
Scan Summary:
| Impact | Description | Documentation |
|---|---|---|
| | Subresource Integrity (SRI) not implemented, and external scripts are loaded over HTTP or use protocol-relative URLs via src="//..." | Doc Subresource Integrity. |
| | Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. | Doc Content Security Policy. The github.com/april/laboratory extension can generate the CSP for your application. |
| | Cookies set without using the Secure flag or set over HTTP | OWASP Session Management Cheat Sheet. |
| | HTTP Strict Transport Security (HSTS) header set to less than six months (15768000) | Doc header Strict-Transport-Security (HSTS). |
Scan Summary:
Grade capped to A. HSTS max-age is too short
Expiration: 18/08/2023
| Risk/Confidence | Name |
|---|---|
| | Content Security Policy (CSP) Header Not Set |
| | Strict-Transport-Security Header Not Set |
| | Cookie with SameSite Attribute None |
| | Permissions Policy Header Not Set |
| | Timestamp Disclosure - Unix |
| | Base64 Disclosure |
| | Non-Storable Content |
No information found in this category
